HK Mata SCORE POINT busting Global ATM Fraud$73.000,000 SG mata sleeping?

[HongKanSeng]

SG mata too busy with APEC? or still searching for MSK?

HK arrested 2 within short notice. This is a very high profile well organized crime. RBS is lost is Temasek's $$$$ there?

Wong Kan Seng sleeping?

http://hk.news.yahoo.com/event/fc/20091112/inrbshack.html
提款卡黑客 半天全球盜款7300萬
wait 2 secs to reload the image

美國搗破大型跨國提款卡詐騙黑客集團，黑客去年闖入蘇格皇家銀行（RBS）的電腦系統，盜走44張提款卡的號碼和私人密碼資料，然後安排遍佈全球的「提款員」同黨，半天內在全球包括香港的逾2100部自動提款機，取走七千多萬港元現金...
相關新聞圖片
重點文章

* 提款卡黑客半天環球偷7300萬 入侵RBS偷密碼 港拘兩「提款員」（明報）(05:10)
* 電子盜竊金額超械劫銀行（明報）(05:10)

黑客襲蘇皇 半日提七千萬
(星島) 11月12日 星期四 05:30

(星島日報報道)美國司法部聯同愛沙尼亞和香港等多地的執法部門合力調查，搗破跨國黑客詐騙盜竊集團。該集團先入侵蘇格蘭皇家銀行電腦系統盜取扣帳卡資料，再藉此複製假卡，指示「提款人」於短短不足十二小時內，在...
美近年最大宗網上犯罪 跨國集團 手法精密
(星島) 11月12日 星期四 05:30

(星島日報報道)美國執法機關近年破獲兩大針對美國金融業的網上犯罪集團，其中之一是剛搗破的以蘇格蘭皇家銀行為目標的跨國集團，另一個則由美國二十八歲信用卡黑客大盜岡薩雷斯（Albert Gonzalez）...
電子盜竊金額超械劫銀行
(明報) 11月12日 星期四 05:10

【明報專訊】透過網上盜竊金融機構大筆錢財的案件，近年愈演愈烈，今次蘇格蘭皇家銀行（RBS）的7300萬港元提款卡騙案，正是其中一個典型代表。有專家指出，針對銀行的電子盜竊案，涉及的金額已超過械劫銀行案...
提款卡黑客半天環球偷7300萬 入侵RBS偷密碼 港拘兩「提款員」
(明報) 11月12日 星期四 05:10

【明報專訊】美國搗破大型跨國提款卡詐騙黑客集團，集團黑客去年11月闖入蘇格蘭皇家銀行（RBS）的電腦系統，盜走44張提款卡的號碼和私人密碼資料，然後安排遍佈全球280個城市的「提款員」同黨，於12小時...
相關圖片



其他相關焦點新聞

* 黑客集團閃電提款七千萬（明報）11月11日 星期三 08:35

 

[HongKanSeng]

http://www.finextra.com/news/fullstory.aspx?newsitemid=20725

11 November, 2009 - 10:05 US indicts eight over RBS WorldPay ATM heist A US federal grand jury has indicted eight Eastern Europeans in connection with a crime ring accused of hacking into the computer network of RBS WorldPay, creating counterfeit debit cards and withdrawing over $9 million in 12 hours from ATMs around the world.
0 comments 1316 views
According to authorities, last November the men - from Russia, Estonia and Moldova - hacked into RBS WorldPay's systems and compromised the encryption used by the processor to protect customer data on payroll debit cards.

They then allegedly raised the limits on accounts before handing over 44 counterfeit payroll debit cards to a network of "cashers" who withdrew over $9 million in less than 12 hours from more than 2100 ATMs in at least 280 cities worldwide, including in the US, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.

The indictment alleges that the "cashers" were allowed to keep 30% to 50% of the stolen funds, but transmitted the bulk of the money back to defendants.

Once the money was stolen, the hackers tried to destroy data stored on the card processing network to hide their work, say authorities. However, RBS WorldPay spotted the unauthorised activity and reported the breach.

Sergei Tsurikov, 25, from Tallinn, Estonia, Viktor Pleshchuk, 28, of St Petersburg, Russia, Oleg Covelin, 28, from Chisinau, Moldova and a person known only as "Hacker 3" face a 16-count indictment charging them with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft.

Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, all from Tallinn, have been indicted for access device fraud.

Tsurikov, Ronald Tsoi, Evelin Tsoi and Jevgenov were arrested earlier this year in Estonia. Tsurikov is awaiting extradition to the US.

Acting US Attorney, Sally Quillian Yates, Northern District of Georgia, says: "Last November, in just one day, an American credit card processor was hacked in perhaps the most sophisticated and organized computer fraud attack ever conducted. Today, almost exactly one year later, the leaders of this attack have been charged. This investigation has broken the back of one of the most sophisticated computer hacking rings in the world."

 

[HongKanSeng]

http://news.slashdot.org/story/09/11/10/222240/9-Million-ATM-Hacking-Ring-Indicted?from=rss

Trailrunner7 writes "US and international prosecutors have indicted a criminal ring that they allege was responsible for an ATM scam last November that stole about $9 million from RBS WorldPay. The criminals cracked payroll debit cards and withdrew money from ATMs in hundreds of cities around the world. A federal grand jury in Atlanta has indicted eight men in connection with the scheme, including five Estonians, one Russian, one Moldovan, and one unidentified man. Prosecutors allege that the men 'used sophisticated hacking techniques' to defeat the company's encryption system. The scam involved an elaborate plan in which the attackers first bypassed the encryption on the debit cards, which RBS WorldPay issues to customers for employee payroll purposes. They then raised the limits on the accounts attached to the cards, then provided a network of 'cashers' with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours; 130 different ATMs in 49 cities were hit within one 30-minute period."

 

[HongKanSeng]

http://www.informationweek.com/news...jhtml?articleID=221601284&cid=RSSfeed_IWK_All

Four Indicted In $9 Million RBS WorldPay Hack

One of most sophisticated computer hacking rings in the world has been broken, claims Acting U.S. Attorney Sally Quillian Yates.

By Thomas Claburn
InformationWeek
November 11, 2009 11:50 AM

Four men were indicted on Tuesday for allegedly hacking into Atlanta, Ga.-based payment processor RBS WorldPay and stealing over $9 million from ATMs around the globe.

A federal grand jury returned indictments against Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person identified only as "Hacker 3."

A year ago, RBS WorldPay, owned by the Royal Bank of Scotland, was hacked in what Acting U.S. Attorney Sally Quillian Yates described as "perhaps the most sophisticated and organized computer fraud attack ever conducted."

On December 23, 2008, the company announced that on November 10 of that year, it had discovered "its computer system had been improperly accessed by an unauthorized party."

RBS WorldPay, which processes credit and debit transactions for other financial companies, said that certain personal information for 1.5 million cardholders and other individuals may have been affected and that as many as 1.1 million of these people may have had their social security numbers accessed.

According to the indictment, the alleged fraud arising from the incident involved far less information -- 44 payroll debit cards.

The indictment says that Covelin identified the vulnerability in RBS WorldPay's network that allowed the hackers to get in and that Pleshchuk and Tsurikov "developed a method by which the conspirators reverse engineered Personal Identification Numbers (PINs) from the encrypted data on the RBS WorldPay computer network."

The defendants were then able to raise the withdrawal limits on RBS WorldPay's prepaid payroll cards, which are linked to accounts that receive direct deposit payments for employees.

On or about November 8, 2008, the group allegedly coordinated a distributed series of ATM withdrawals during a twelve hour period "at over 2,100 ATMs located in at least 280 cities around the world, including in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan, and Canada."

Over $9 million was stolen and the "cashers" -- associates who carried out the actual cash withdrawals -- were allowed to allowed to keep between 30% and 50% of the amount they withdrew, with the remainder being wired back to the hackers.

Having access to the RBS WorldPay network, Pleshchuk and Tsurikov allegedly monitored the withdrawals and then attempted to cover their tracks by destroying data on the network.

If convicted, the four men face up to 20 years in prison for wire fraud charges; up to five years in prison for conspiracy to commit computer fraud; as many as 10 years in prison for each count of computer fraud; a two-year mandatory minimum sentence for aggravated identity theft; and fines up to $3.5 million dollars, according to the U.S. Department of Justice.

How are you dealing with data-centric security? Answer our survey by Friday, Nov. 13, and be eligible to win an iPod Touch. Click here to take part.

 

[HongKanSeng]

http://www.financetech.com/feed/showArticle.jhtml?articleID=221601457&cid=RSSfeed_FTN_All

Hackers Exploit Prepaid Payroll Cards
Cyber criminals accused of breaking into RBS WorldPay’s systems and exploiting payroll cards may indicate a new trend.
By Maria Bruno-Britz
November 12, 2009

The long arm of the law caught up with eight Russian and Eastern European hackers. The U.S. Department of Justice alleges they were part of a crime ring that broke into ATMs in hundreds of cities worldwide and stole $9 million in a matter of hours, says The Wall Street Journal.

Prosecutors in Atlanta indicted the hackers, saying this was perhaps the most brazen and damaging electronic bank heist to date. One of the criminals is awaiting extradition from Estonia, while the others remain at large.

At stake in this heist was the encrypted RBS WorldPay computer system, the U.S. payment processing division of Royal Bank of Scotland. The hackers cloned prepaid ATM cards, raised the account limits on the compromised accounts and then used them to withdraw cash from 2,100 ATMs from nearly 300 cities around the world. The operation began Nov. 8, 2008 and took just 12 hours.

Kate Monahan, an analyst with Boston-based Aite Group sees payroll debit cards as an emerging tool for criminals to exploit, just as banks are increasing their use of them to court underbanked consumers. Monahan made some recommendations for banks to keep in mind to further protect their ATM networks. First, she said in a statement, banks need to be more mindful of evolving ATM fraud types and how they much alter the security around their ATM channel.

She also recommended keeping in touch with the ATM vendors.

"Stay in constant contact with your ATM vendors," Monahan said. "Vendors are working with law enforcement officials behind the scenes and are constantly working on improving hardware and software security to better enable their products to withstand potential attacks from criminals."